Network Security - Canon imageRUNNER LBP3580 Service Manual

3. Network Security

The imageRUNNER LBP3580 machines secure network communications
by using MAC (Media Access Control) Address filters, IP Address Filters,
IPSec (Internet Protocol Security), SNMPv3 protocol, and IEEE 802.1x
authentication.
a. MAC Address Filters
A MAC address is a computer's unique hardware number. The MAC
Address Filter permits or rejects access to the machine for up to 50
MAC addresses. It is useful for environments that use DHCP (Dynamic
Host Configuration Protocol) for IP address assignments. If DHCP
leases expire and a new IP address is issued to a certain system, the
filter can still identify the system's MAC address, and permit or reject
access to the machine. MAC addresses can easily be added, edited,
or deleted through the Remote UI.
b. IP Address Filters
The IP Address Filter permits or rejects incoming print data from up to
16 IP addresses or ranges of IP addresses. This minimizes the risk of
data being sent out of the company to systems that are not trusted.
c. IPSec
IPSec (Internet Protocol Security) is a protocol that maintains security
by protecting IP packets transmitted over the IP network from threats,
such as theft, falsification, and spoofing. IPSec can be used to add a
security function to the basic IP (Internet Protocol) without it being
dependent on software or network configuration.
d. SNMPv3
SNMPv3 (Simple Network Management Protocol Version 3) is an
Internet-standard protocol for managing devices on IP networks.
Devices that typically support SNMP include routers, switches, servers,
workstations, and printers. Use SNMP to restrict the users who can
specify and browse the settings via the Remote UI.
e. IEEE 802.1x Authentication
IEEE 802.1x provides port-based authentication. Authentication
involves communications between a supplicant, authenticator, and
authentication server. The supplicant is authentication software on a
client device. The client device (the imageRUNNER LBP3580
machine) needs the supplicant to provide credentials, such as user
names/passwords or digital certificates, to the authenticator (a wireless
access point). The authenticator then forwards the credentials to the
authentication server (generally a RADIUS database) for verification. If
the credentials are valid in the authentication server database, the
client device is allowed to access resources located on the protected
side of the network.
imageRUNNER LBP3580 Service Guide
imageRUNNER LBP3580 Service Guide
January 2013
Page 5